What is the Storm Worm?
Written by lifang   
February 20, 2008 13:34

The so-called Storm worm is actually not a worm, but rather a family of Trojans that typically have the following components:

  • A backdoor component that allows surreptitious access to infected systems;
  • A spam relay component that turns infected machines into spam-bots;
  • A peer networking component that allows the Storm Trojans to communicate with other infected computers on the Storm botnet;
  • An email harvester to steal email addresses found on infected computers;
  • A downloader/dropper component to update itself or download additional malware; and
  • A rootkit, often included to hide the presence of the Storm Trojans.

The Storm worm botnet is considered to be one of the largest botnet populations.

Between the size of the botnet and the email addresses harvested, the Storm creator(s) can spam millions of recipients. Much of this spam is designed to spread more copies of the Storm Trojans. Storm worm email is typically disguised as a greeting card, but may also use fear tactics such as claiming to be from a private investigator.

The Storm family first appeared in mid-2006, but earned its nickname in January 2007 when a batch of the spammed Trojans used the subject line: "230 dead as storm batters Europe". This coincided with a very real storm in Europe in which some deaths were actually reported. The timing of the two lent legitimacy to the Trojan email, gaining it both more victims and the nickname "Storm worm".

The Storm family of Trojans may be detected by antivirus software using a variety of different names. As an example, the notorious January variant that earned it the nickname "Storm worm" was detected by antivirus vendors as Trojan-Downloader.Win32.Small.dam, Trojan.Downloader-647, Trojan.DL.Tibs.Gen!Pac13, Email-Worm.Win32.Zhelatin.a (Kaspersky), Downloader-BAI (McAfee), Troj/Dorf-Fam (Sophos), Trojan.Peacomm (Symantec), TROJ_SMALL.EDW (Trend Micro), Win32/Nuwar.N@MM (Microsoft). Though detection names may vary greatly, the most commonly used names today include Storm, Zhelatin, Peacomm, and Nuwar. The download component is often detected as either a Small or Agent Trojan.
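As an added example (not code from the article or any vendor), the following Python helper parses vendor detection names of the kind listed above and reconciles them to a family verdict, so that a multi-scanner result is not misread because one vendor reports only a generic downloader name. The alias sets, the token-splitting rules and the three verdict labels are assumptions built from the names the article quotes.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Alias sets built from the names quoted in the article (assumption: a family token in
# STORM_ALIASES identifies the Storm family; Small/Agent alone only flag a generic downloader).
STORM_ALIASES = {"storm", "zhelatin", "peacomm", "nuwar", "dorf", "tibs"}
GENERIC_DOWNLOADERS = {"small", "agent"}
PLATFORM_TOKENS = {"win32", "w32"}

ENTRY_RE = re.compile(r"^(?P<name>[^\s(]+)(?:\s*\((?P<vendor>[^)]+)\))?$")  # "Name (Vendor)"
SEPARATORS = re.compile(r"[./_\-!@]+")  # delimiters used across the vendor naming schemes above

@dataclass
class Detection:
    vendor: Optional[str]
    platform: Optional[str]
    family: Optional[str]  # matching token in its original casing, or None
    verdict: str           # "storm", "generic-downloader" or "unrecognised"

def parse_detection(entry: str) -> Detection:
    """Split 'Name (Vendor)' into tokens and decide which family the name points at."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        raise ValueError(f"unparseable detection entry: {entry!r}")
    name, vendor = m.group("name"), m.group("vendor")
    tokens = [t for t in SEPARATORS.split(name) if t]
    platform = next((t for t in tokens if t.lower() in PLATFORM_TOKENS), None)
    family = next((t for t in tokens if t.lower() in STORM_ALIASES), None)
    if family:
        return Detection(vendor, platform, family, "storm")
    family = next((t for t in tokens if t.lower() in GENERIC_DOWNLOADERS), None)
    return Detection(vendor, platform, family, "generic-downloader" if family else "unrecognised")

def reconcile(entries) -> dict:
    """Tally verdicts across a multi-vendor result set so triage is not left to a single name."""
    counts = {"storm": 0, "generic-downloader": 0, "unrecognised": 0}
    for entry in entries:
        counts[parse_detection(entry).verdict] += 1
    return counts

# The January 2007 variant's detection names exactly as the article lists them.
JANUARY_VARIANT_NAMES = [
    "Trojan-Downloader.Win32.Small.dam", "Trojan.Downloader-647", "Trojan.DL.Tibs.Gen!Pac13",
    "Email-Worm.Win32.Zhelatin.a (Kaspersky)", "Downloader-BAI (McAfee)", "Troj/Dorf-Fam (Sophos)",
    "Trojan.Peacomm (Symantec)", "TROJ_SMALL.EDW (Trend Micro)", "Win32/Nuwar.N@MM (Microsoft)",
]

if __name__ == "__main__":
    print(reconcile(JANUARY_VARIANT_NAMES))  # {'storm': 5, 'generic-downloader': 2, 'unrecognised': 2}
```

Four of the nine names for the same sample carry no Storm-specific token at all, which is why a triage rule keyed on a single vendor's name can miss the family entirely.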
